package com.framework.base.filters; 

import java.io.IOException;
import java.util.Iterator;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.commons.lang.StringEscapeUtils;

/**
 * Description:用于对数据进行过滤（注入数据）
 * tabaleName(对应的表名):
 * Company: framework
 * @author：HYH
 * @version 1.0
 * @Date Jun 12, 2011 4:44:07 PM
 */
public class SecurityFilter implements Filter {

	public void destroy() {

	}

	@SuppressWarnings("rawtypes")
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain chain) throws IOException, ServletException {
        HttpServletRequest hreq = (HttpServletRequest)request;
        Map map = hreq.getParameterMap();
        Iterator itr = map.keySet().iterator();
        while( itr.hasNext() ){
            String key = itr.next().toString();
            String [] values = hreq.getParameterValues(key);
            if( values != null ){
                for( int i = 0; i < values.length; i++ ){
                    values[i] =StringEscapeUtils.escapeSql(values[i]); //对sql注入进行转义
                    values[i] =StringEscapeUtils.escapeHtml(values[i]); //对html注入进行转义
                }
            }
            hreq.setAttribute(key, values);
        }
        chain.doFilter(request, response);
	}

	public void init(FilterConfig arg0) throws ServletException {

	}

}
